Lucene search
+L

296 matches found

Cvelist
Cvelist
added 2025/08/14 12:0 a.m.12 views

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

0.00383EPSS
Exploits0References3
NVD
NVD
added 2025/07/17 1:15 p.m.20 views

CVE-2025-5344

Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...

8.5CVSS0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.3 views

PT-2025-29691 · Unknown · Zwx-2000Csw2-Hn

Name of the Vulnerable Software and Affected Versions: ZWX-2000CSW2-HN versions prior to 0.3.19 ZWX-2000CS2-HN affected versions not specified Description: A use of hard-coded credentials issue exists. Exploitation of this issue may allow an attacker to tamper with device settings by obtaining th...

8.8CVSS4.4AI score0.00332EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/07/01 8:10 a.m.4 views

CVE-2025-41648 Pilz: Authentication Bypass in IndustrialPI Webstatus

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI...

9.8CVSS7.5AI score0.00696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.7 views

CVE-2024-41999

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's...

6.8CVSS7.3AI score0.00261EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.8 views

CVE-2024-47001

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

8.8CVSS7.2AI score0.00659EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.13 views

CVE-2024-24486

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEPDATA command...

9.1CVSS7AI score0.00568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:49 a.m.9 views

CVE-2023-45844

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...

7.3CVSS6.9AI score0.00335EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.10 views

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

9.8CVSS7.1AI score0.00703EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.5 views

CVE-2023-0837

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration...

6.6CVSS5.4AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.8 views

CVE-2022-34840

Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...

6.5CVSS7AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:13 a.m.19 views

CVE-2022-44620

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

8.8CVSS7.5AI score0.00866EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:5 a.m.9 views

CVE-2022-43464

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

8.8CVSS7.3AI score0.00999EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:59 p.m.9 views

CVE-2022-44211

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...

7.4CVSS7AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:7 p.m.8 views

CVE-2021-20650

Cross-site request forgery CSRF vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...

6.5CVSS7.8AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.3 views

CVE-2021-20636

Cross-site request forgery CSRF vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted...

6.5CVSS7.4AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/14 9:16 p.m.10 views

CVE-2025-3659

Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: Digi PortServer TS - prior to and including 82000747AA, build date 06/17/2022 Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774Z, build date 10/19/2020...

9.4CVSS7.2AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 10:15 p.m.20 views

CVE-2025-30512

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely e.g., on/off...

6.9CVSS0.00573EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 8:22 a.m.55 views

CVE-2024-41795

The CVE concerns Siemens SENTRON 7KT PAC1260 Data Manager (All versions) whose web interface is vulnerable to CSRF, enabling an unauthenticated attacker to alter device settings by tricking an admin into a malicious link. Several connected sources corroborate that the vulnerability involves chang...

6.9CVSS7.4AI score0.00206EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/08 8:22 a.m.6 views

CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...

6.9CVSS7.4AI score0.00206EPSS
Exploits0References1
Rows per page
Query Builder